Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Homeclaw
v1.0.0家庭模式智能管家,管理健康监测、学习辅导、宠物照顾、家居控制及日程安排,服务全家人生活需求。
⭐ 0· 269·1 current·1 all-time
byLeo Sheng@leocryptoflow
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes a family AI housekeeper (health monitoring, tutoring, pet care, smart-home control). The declared metadata requests no binaries, env vars, or installs — that is plausible for a high-level, instruction-only skill, but the scope (integrating with wearables, smart home devices, emergency calls) normally requires device APIs/credentials or platform connectors which are not declared. This mismatch is noteworthy but could be explained if the skill relies on the host platform's connectors.
Instruction Scope
The SKILL.md content is high-level and does not instruct the agent to read files, access env vars, or call external endpoints directly. However, the regex scanner flagged unicode-control-chars in the SKILL.md, which can be used to hide or reorder text (a prompt-injection technique). Because hidden/obfuscated content could contain runtime directives, this is a significant concern and the raw file bytes should be inspected.
Install Mechanism
No install spec and no code files beyond a package.json and SKILL.md — lowest-risk form (instruction-only). Nothing is written to disk by an installer here.
Credentials
The skill requests no environment variables or credentials. Given its claimed integrations (health devices, smart home, emergency calls), one would normally expect access tokens, API keys, or platform-specific config. Absence of declared credentials could mean: (a) the skill delegates to host platform connectors (acceptable), or (b) the SKILL.md hides instructions for obtaining/accessing secrets (concerning given the unicode-control-chars finding).
Persistence & Privilege
always is false and autonomous invocation is allowed (platform default). The skill does not request elevated persistence or modify other skills. Nothing here suggests excessive privilege.
Scan Findings in Context
[unicode-control-chars] unexpected: Control characters are not expected in a plain SKILL.md describing a family assistant. These characters can be used to hide or reorder text (prompt-injection). The visible content is benign, but the presence of such characters means the file should be inspected in raw form to ensure no hidden instructions or credential-exfiltration directives exist.
What to consider before installing
Proceed cautiously. Before installing: (1) ask the author for source/homepage and a clear explanation of how device integrations are implemented and what credentials (if any) will be needed; (2) obtain and inspect the raw SKILL.md bytes (not just rendered text) to confirm there are no hidden characters or obfuscated instructions; (3) do not provide any secrets/credentials until you understand exactly where they will be used and stored; (4) prefer testing in a sandboxed environment and verify the skill truly stores data locally and does not transmit health or personal data externally. If the author cannot explain the unicode-control-chars finding or the lack of required device credentials, treat the skill as untrusted.Like a lobster shell, security has layers — review code before you run it.
latestvk97eq258hqhzyfnkgj71gscqpn82ne13
License
MIT-0
Free to use, modify, and redistribute. No attribution required.